<?xml version="1.0" encoding="UTF-8"?> <!-- This Source Code Form is subject to the terms of the Mozilla Public - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"[ <!ENTITY % brandDTD SYSTEM "chrome://branding/locale/brand.dtd" > %brandDTD; ]> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Password Settings</title> <link rel="stylesheet" href="helpFileLayout.css" type="text/css"/> </head> <body> <h1 id="password_settings">Password Settings</h1> <p>This section describes how to set your password preferences, set your Master Password, and control other aspects of password handling.</p> <p>For step-by-step descriptions of various tasks related to passwords, see <a href="using_priv_help.xhtml#using_the_password_manager">Using the Password Manager</a>.</p> <div class="contentsBox">In this section: <ul> <li><a href="#passwords">Privacy & Security Preferences - Passwords</a></li> <li><a href="#password_manager">Password Manager</a></li> <li><a href="#master_passwords">Privacy & Security Preferences - Master Passwords</a></li> <li><a href="#change_master_password">Change Master Passwords</a></li> <li><a href="#master_password_timeout">Master Password Timeout</a></li> <li><a href="#reset_master_password">Reset Master Password</a></li> <li><a href="#choosing_a_good_password">Choosing a Good Password</a></li> </ul> </div> <h2 id="passwords">Privacy & Security Preferences - Passwords</h2> <p>This section describes the Passwords preferences panel. If you're not already viewing it, follow these steps:</p> <ol> <li>Open the <span class="mac">&brandShortName;</span> <span class="noMac">Edit</span> menu and choose Preferences.</li> <li>Under the Privacy & Security category, click Passwords. (If no subcategories are visible, double-click Privacy & Security to expand the list.)</li> </ol> <h3>Password Manager</h3> <p>Password Manager preferences allow you to</p> <ul> <li><strong>Remember passwords</strong>: Select this checkbox to turn Password Manager on, so that it asks to store your user names and passwords at appropriate times and enters them for you automatically when they're requested. To turn off Password Manager, deselect the same checkbox.</li> <li><strong>Manage Stored Passwords</strong>: Click this button to manage information about your stored passwords and the websites whose user names and passwords you don't want to be stored.</li> </ul> <p>For detailed information about using Password Manager, including how to override it for individual websites and how to view and manage stored passwords,see <a href="using_priv_help.xhtml#using_the_password_manager">Using the Password Manager</a>.</p> <h3 id="encrypting_versus_obscuring">Encrypting Versus Obscuring</h3> <p>If you use Password Manager to save passwords and personal data, this sensitive information is stored on your computer in a file that's difficult, but not impossible, for an intruder to read. This way of storing information is sometimes described as <q>obscuring</q>. This is the default setting that applies to information stored by Password Manager.</p> <p>For improved protection, you may choose to protect the file with encryption. Encryption makes it more difficult (but again, not impossible) for an unauthorized person to view your stored sensitive information. To turn on encryption you need to set a <a href="glossary.xhtml#master_password">master password</a>.</p> <p>Using encryption versus obscuring for stored sensitive data is a tradeoff between improved security and convenience:</p> <ul> <li>If you use encryption, you will need to enter a master password periodically, which can be inconvenient. (For information about controlling how often it is requested, see the discussion of the Master Password timeout at <a href="#master_passwords">Privacy & Security Preferences - Master Passwords</a>.)</li> <li>If you use obscuring, you may not have to set a master password at all (unless you're using certificates for identification purposes), but it may be easier for a stranger who has access to your computer to steal your passwords.</li> </ul> <p>For more details, see <a href="using_priv_help.xhtml#encrypting_stored_sensitive_information">Encrypting Stored Sensitive Information</a>.</p> <h2 id="password_manager">Password Manager</h2> <p>This section describes how to use the Password Manager dialog box to control your stored passwords. If you are not already viewing it, follow these steps:</p> <ol> <li>Open the <span class="mac">&brandShortName;</span> <span class="noMac">Edit</span> menu and choose Preferences.</li> <li>Under the Privacy & Security category, click Passwords. (If no subcategories are visible, double-click Privacy & Security to expand the list.)</li> <li>Click Manage Stored Passwords.</li> </ol> <p>Alternatively, open the Tools menu, choose Password Manager, and then choose Manage Stored Passwords from the submenu.</p> <p>The Password Manager has two tabs:</p> <ol> <li><strong>Passwords Saved</strong>: Click this tab to view the list of websites for which Password Manager has saved your user name and password—that is, the websites for which you selected <q>Yes</q> in response to Password Manager's request to store logon information. <p>The second column shows the user name for each website. If the password is stored in encrypted form, <q>(encrypted)</q> appears after the user name.</p> <p>By default, stored passwords are not displayed.</p> <ul> <li>To see the list of stored passwords, click Show Passwords and confirm your choice.</li> <li>To hide the passwords, click Hide Passwords.</li> </ul> <p>If you remove an entry from the list, the stored user name and password will be discarded, and you will need to log in manually the next time you visit that website.</p> </li> <li><strong>Passwords Never Saved</strong>: Click this tab to view the list of websites for which you selected <q>Never for this site</q> in response to Password Manager's request to store logon information. <p>If a website is included on this list, you will always have to type in your user name and password manually when you log onto the website.</p> <p>If you remove an entry from this list, Password Manager will again ask you, the next time you log onto the website, whether to store your user name and password.</p> </li> </ol> <p>Regardless of which tab you are viewing, you can remove entries from the list as follows:</p> <ul> <li><strong>Remove</strong>: Select one or more entries that you want to remove, then click Remove.</li> <li><strong>Remove All</strong>: Click this button to remove all the entries listed in the tab you are viewing.</li> </ul> <p>For more information about the Password Manager, see <a href= "using_priv_help.xhtml#using_the_password_manager">Using the Password Manager</a>.</p> <h2 id="master_passwords">Privacy & Security Preferences - Master Passwords</h2> <p>This section describes the Master Passwords preferences panel. If you are not already viewing it, follow these steps:</p> <ol> <li>Open the <span class="mac">&brandShortName;</span> <span class="noMac">Edit</span> menu and choose Preferences.</li> <li>Under the Privacy & Security category, click Master Passwords. (If no subcategories are visible, double-click Privacy & Security to expand the list.)</li> </ol> <p>A master password protects a security device, which is a software or hardware device that stores sensitive information associated with your identity, such as keys or certificates.</p> <p>For example, the browser has a built-in Software Security Device, and you can also use external security devices, such as smart cards, if your computer is configured to use them.</p> <p>The master password for the browser's built-in Software Security Device also protects stored sensitive information such as email passwords, website passwords, and other data stored by the Password Manager.</p> <p>Each security device, whether it is software or hardware, has its own separate Master Password.</p> <ul> <li><strong>Change Password</strong>: Click this button to set or change any of your master passwords. For information about using the Change Master Password dialog box that appears when you click this button, see <a href="#change_master_password">Change Master Password</a>.</li> <li>You can control how often the browser requests your master password: <ul> <li><strong>The first time it is needed</strong>: This setting (selected by default) causes the browser to request your master password only the first time it needs access to the private key database after launching. The browser will not request the master password again until after you exit and relaunch it. This setting provides the lowest level of protection.</li> <li><strong>Every time it is needed</strong>: This setting ensures that the browser will never access your saved personal information without first requesting your master password. This setting provides the highest level of protection.</li> <li><strong>If it has not been used for [__] minutes or longer</strong>: This setting causes the browser to request your master password if it needs to access your personal information and the specified interval has elapsed since the last time it did so.</li> </ul> </li> <li><strong>Reset Master Password</strong>: Click this button to reset the master password for the Software Security Device. For more information, see <a href="#reset_master_password">Reset Master Password</a>.</li> </ul> <h2 id="change_master_password">Change Master Password</h2> <p>You must remember your old master password to change it with the Change Password button.</p> <p>This section describes the Change Master Password dialog box. If you're not already viewing it, follow these steps:</p> <ol> <li>Open the <span class="mac">&brandShortName;</span> <span class="noMac">Edit</span> menu and choose Preferences.</li> <li>Under the Privacy & Security category, click Master Passwords. (If no subcategories are visible, double-click Privacy & Security to expand the list.)</li> <li>Click Change Password.</li> </ol> <p>A master password protects a security device, which is a software or hardware device that stores sensitive information associated with your identity, such as keys or certificates.</p> <p>For example, the browser has a built-in Software Security Device, and you can also use external security devices, such as smart cards, if your computer is configured to use them.</p> <p>The master password for the browser's built-in Software Security Device also protects your master key. Your master key is used to encrypt sensitive information such as email passwords, website passwords, and other data stored by the Password Manager.</p> <p>You use the Change Master Password dialog box to provide the following information:</p> <ul> <li><strong>Security Device</strong>: Each security device requires a separate master password. For example, if you are using one or more smart cards to store some of your certificates, you should set a separate master password for each one. If more than one security device is available, a drop-down list at the top of the Set Master Password dialog box allows you to choose the device whose password you want to change.</li> <li><strong>Current password</strong>: If you are changing an existing master password, you must first type the current password. If you don't type the current password correctly, you will see the message <q>You did not enter the current correct Master Password</q> after you click OK. If this happens, you must retype your current password.</li> <li><strong>New password</strong>: Type your new password into this field.</li> <li><strong>New password (again)</strong>: Type your new password again. If you don't type it the second time exactly as you did the first time, the OK button remains inactive. If this happens, try typing the new password again.</li> </ul> <p>If someone uses your computer who knows or can guess your master password, that person may be able to access websites while pretending to be you. This can be dangerous—for example, if you manage your financial accounts over the Internet.</p> <p>Therefore, it's important to select a master password that's difficult to guess. The <strong>password quality meter</strong> gives you a rough idea of the quality of your password as you type it based on factors such as length and the use of uppercase letters, lowercase letters, numbers, and symbols. It does not guarantee, however, that no one will be able to guess your password.</p> <p>For further guidelines, see <a href="#choosing_a_good_password">Choosing a Good Password</a>.</p> <p>It's also important to record your master password in a safe place—and <strong>not</strong> anywhere that's easily accessible to someone else. If you forget this password, you may not be able to access important information, such as websites that require passwords or certificates stored on your computer.</p> <h2 id="master_password_timeout">Master Password Timeout</h2> <p>After you first set a new master password, you will be asked to enter it only when the newly launched browser first needs it to access personal information, such as a user name and password or personal certificates.</p> <p>You can control how often the browser requests your master password:</p> <ul> <li><strong>The first time it is needed</strong>: This setting (selected by default) causes the browser to request your master password only the first time it needs access to the private key database after launching. The browser will not request the master password again until after you exit and relaunch it. This setting provides the lowest level of protection.</li> <li><strong>Every time it is needed</strong>: This setting ensures that the browser will never access your saved personal information without first requesting your master password. This setting provides the highest level of protection.</li> <li><strong>If it has not been used for [__] minutes or longer</strong>: This setting causes the browser to request your master password if it needs to access your personal information and the specified interval has elapsed since the last time it did so.</li> </ul> <h2 id="reset_master_password">Reset Master Password</h2> <p><strong>Warning</strong>: If you reset your master password, you will permanently erase all the encrypted web and email passwords, saved on your behalf by Password Manager. You will also lose all your personal certificates associated with the <a href="glossary.xhtml#software_security_device"> Software Security Device</a>.</p> <p>To change your master password rather than resetting it, click the Change Password button in the Master Passwords preferences panel.</p> <p>This section describes the Reset Master Password dialog box. If you're not already viewing it, follow these steps:</p> <ol> <li>Open the <span class="mac">&brandShortName;</span> <span class="noMac">Edit</span> menu and choose Preferences.</li> <li>Under the Privacy & Security category, click Master Passwords. (If no subcategories are visible, double-click Privacy & Security to expand the list.)</li> <li>Click Reset Password.</li> </ol> <p><strong>Warning</strong>: If you reset your master password, you will permanently erase all encrypted web and email passwords, saved on your behalf by Password Manager You will also lose all your personal certificates associated with the <a href="glossary.xhtml#software_security_device">software security device</a>.</p> <p>If you remember your master password and decide to change it, you can do so without danger of losing any personal information. If you are viewing the Reset Master Password alert and you decide you want to change your password rather than resetting it, click Cancel to return to the Master Passwords preferences panel, then click Change Password. For details, see <a href="#change_master_password">Change Master Password</a>.</p> <p>Resetting your master password is a last resort that you should use only if you are absolutely sure you've forgotten it. The seriousness of the situation depends on how much personal data your forgotten master password protects.</p> <p>Resetting your master password does not create a new password. Instead, it removes all the data your old master password protects. You will be asked to specify a new master password the next time the browser needs to store personal information.</p> <p>After you reset your master password, you may also want to re-save personal information that you want to have prefilled in the future. For example, as you browse you may want Password Manager to save website and email passwords again.In addition, any personal certificates associated with the software security device will be permanently erased and you will need to apply for new ones.</p> <p><strong>Note for smart card users</strong>: Each smart card has its own master password. The master password for a smart card protects only the data on that smart card (such as personal certificates). You can normally change the master password for a smart card (assuming that you remember it), but you cannot reset it.</p> <h2 id="choosing_a_good_password">Choosing a Good Password</h2> <p>Choosing a good password will help in keeping your personal information safe and private. To improve the security of your password, follow some or all of these suggestions:</p> <ul> <li>Special and punctuation characters (*!$+) mixed with letters and numbers.</li> <li>Mixed upper and lower-case letters—putting capitals in random locations throughout a password is effective.</li> <li>Nonsense words that aren't found in dictionaries but are easy to pronounce.</li> <li>Eight or more characters.</li> </ul> <p>You should avoid personal information that could be guessed. So the following common items should be avoided:</p> <ul> <li>Personal or family names, your initials or birthdays.</li> <li>Your social security number.</li> <li>Names of pets or famous places.</li> <li>Phone numbers or addresses.</li> <li>Words from any kind of dictionary.</li> <li>Your username, login name or computer's name.</li> <li>Repetition of the same letter or symbol.</li> <li>Sequences of keyboard keys, such as <q>12345</q> or <q>qwerty</q>.</li> <li>Any minor modification of the above, such as appending a character to the end of your name or spelling backwards.</li> </ul> <p>A good way to choose a secure but easily remembered password is to use the first character of each word in a phrase. For instance, <q>StNh*nbsS</q> stands for <q>Surfing the Net has never been so Suite</q>; the asterisk in the middle is included for increased security. (Don't use this password!)</p> <p>To further protect your personal data, you are advised to follow these simple rules:</p> <ul> <li>Never give the password out to anyone.</li> <li>If someone has learnt your password, change it immediately.</li> <li>Every few months, change your password.</li> <li>Choose a password you can remember so you don't have to write it down.</li> <li>Avoid letting people observe you typing your password.</li> </ul> </body> </html>